Cyber criminals now use messaging apps to harvest data – FBI

FBI agents have issued a warning about a new scam that targets instant messaging apps, including Facebook Messenger.

The scam attempts to trick users into opening a malicious link that harvests their personal data and login credentials for social networks, like Facebook.

In a bid to coerce people into opening the suspicious URL, cyber criminals pose a question to their targets: ‘Hey I saw this video. Isn’t this you?’

Although the original warning from the FBI highlighted Facebook Messenger as a particular platform of concern, this has since been amended after the scam was found on other rival platforms.

It’s unclear how many people have been hit by the latest scam, or how exactly cyber criminals are generating revenue.

However, email address and password combinations used to log in to popular social networks and websites are regularly sold on the dark web.

The most common version of the scam highlighted by the FBI’s Portland office takes the user to a fraudulent website designed to resemble the Facebook login page.

The webpage is a fake controlled by a fraudster who is able to steal any details inputted by users mistakenly believing they’re logging into their Facebook account.

If people use the same email address and password combination on other websites, hackers can use the stolen details to log in to those as well.

This can allow criminals access to online banking, or frequent flyer miles.

Other forms of the scam can be more direct in approach, taking targeted users to a page that automatically harvests their login credentials, the FBI warns.

According to the FBI staff member, they first witnessed the scam after they were contacted by a friend on Facebook Messenger.

‘The message included a video link and read: “Hey I saw this video. Isn’t this you?”,’ the FBI agent explained. ‘I was suspicious, so I didn’t click on the link.

‘The next day he contacted me outside of the app and said that fraudsters had hacked his account and to not click on any of the links that were sent because they contained a computer virus.’

Warning the public, the FBI said: ‘The best way to spot and avoid these scams is to avoid clicking on any links that you receive from friends or family until you contact the sender outside of the app to verify that he was the one who really sent the message.

‘If you are concerned about the legitimacy of a particular account, report it through Facebook.’

MailOnline said it had approached Facebook for response.

What should you do if you think you have been scammed?

1. Contact the company or person who took your money – this could be fruitless if it’s a scam, but it should be your first port of call.

2. If you bought something costing £100 or more on a credit card, you may be able to claim it back under a little-known law: Section 75. Once you’ve paid using a credit card, the card provider and retailer are locked into a legally binding contract, so if the retailer can’t or won’t refund you, you can raise the dispute with your card provider.

3. If you can’t claim the money back via Section 75 you could try using the chargeback scheme. It’s a voluntary agreement by your debit or charge card provider to stand in your corner if anything goes wrong.

4. Unfortunately, if you’ve transferred the money using sites such as Moneygram, Western Union or PayPal, you generally can’t get your money back once you’ve handed it over.

Source: Money Saving Expert